CVE-2025-13821
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA secrets via profile nickname updates or email verification events. Mattermost Advisory ID: MMSA-2025-00560
Vendor
Product
CWE
Yayın Tarihi
2026-02-16 12:16:21
Güncelleme
2026-02-18 21:44:27
Source Identifier
responsibledisclosure@mattermost.com
KEV Date Added
-